DETAILED ACTION



1. Claims 1-6, 8-16, 19, 21, 23, 24, and 26 are pending in this action, claims 7 and 
25 are canceled. 

Rejections 

2. The text of those sections of Title 35, U.S. Code that are not included in this 
rejection can be found in a prior Office action. 



Claim Rejections - 35 USC § 103 

3. Claims 1-6, 8-16, 19, 21, 23, 24, and 26 are rejected under 35 U.S.C. 103(a) as
being unpatentable over Campbell et al. (U.S. Patent No. 6,839,850) in view of Hayman
et al. (U.S. Patent No. 5,859,966).



Regarding claims 1 and 13, Campbell et al. teaches a process/computer-readable
medium for protecting a computer from hostile code, the process comprising:
• Defining at least two trust groups, each of the defined trust groups being
characterized by a trust group value (fig. 5a, gauges are the trust group and
thresholds are the trust group values, higher thresholds would mean a higher
trust group, see also col. 11, lines 20-59, discussion on gauges and how they are
used in barriers and boundaries - boundaries relating to policies such as the use
of FTP);

• Assigning objects and processes in the computer to one of said trust groups,
irrespective of the rights of a user of said computer (fig. 5a, the objects and
processes are the events and they are assigned to gauges);

• Defining an action rule for each combination of process trust group value, object 
trust group value, and object type (fig. 5b, see also col. 13, lines 12-24); and 

• Upon an access request by a requesting process to a target object, performing 
the action indicated by the action rule applicable to the trust group value of the 
requesting process, the trust group value of the target object, and the object type 
(fig. 5b and 5c, see also col. 20, lines 1-26). 

Campbell et al. does not teach defining at least two object types or assigning an 
object type to each of the objects. 

Hayman et al. teaches defining at least two object types and assigning an object
type to each of the objects (col. 2, lines 39-41).

It would have been obvious to one of ordinary skill in the art, at the time the
invention was made, to combine defining object types and assigning an object type to
each object, as taught by Hayman et al., with the process/medium of Campbell et al. It
would have been obvious for such modifications because some objects are passive and
others are executable; passive objects should be treated differently than executable
objects. The teachings of Campbell et al. disclose combining objects and processes
with object types - it would be desirable to encompass objects that are both passive
and executable.

Regarding claim 2, Campbell et al. as modified by Hayman et al. teaches
wherein a process is assigned upon creation to the trust group assigned to the passive
code from which the process is created (see col. 3, lines 19-31 of Hayman et al.).

Regarding claim 3, Campbell et al. as modified by Hayman et al. teaches further
comprising changing the trust group of the process if the trust group value of the
process is greater than the trust group value of the object (see col. 4, lines 38-51 of
Hayman et al.).

Regarding claim 4, Campbell et al. as modified by Hayman et al. teaches further
comprising changing the trust group of said object after performing said action (see col.
4, lines 38-51 of Hayman et al.).

Regarding claim 5, Campbell et al. as modified by Hayman et al. teaches further
comprising, upon creation of an object by a process, assigning said created object to
the trust group of said process (see col. 3, lines 19-31 of Hayman et al.).

Regarding claim 6, Campbell et al. as modified by Hayman et al. teaches further
comprising defining at least two operation types and wherein said combination includes
at least one of said operation types (see col. 2, lines 42-43 of Hayman et al.).

Regarding claim 8, Campbell et al. as modified by Hayman et al. teaches further
comprising assigning said process to the trust group of said object if the trust group of
said process is higher than the trust group of said object (see col. 5, lines 25-46 of
Hayman et al.).

Regarding claim 9, Campbell et al. as modified by Hayman et al. teaches
wherein upon a restart of said process, the trust group of said process reverts to the
original trust group of the object from which the process was created (see col. 3, lines
24-28 of Hayman et al.).

Regarding claim 10, Campbell et al. as modified by Hayman et al. teaches further
comprising: 

• Defining at least two process types (see col. 2, lines 36-38 of Hayman et al.); 

• Assigning processes to one of said process types (see col. 2, lines 36-38 of 
Hayman et al.); and 

• Wherein said combination includes at least one of said process types (see fig. 5b 
and 5c, see also col. 20, lines 1-26 of Campbell et al.).

Regarding claims 11 and 16, Campbell et al. as modified by Hayman et al.
teaches wherein said object types comprise passive code and executable code (see
col. 2, lines 39-41 of Hayman et al.).

Regarding claims 12 and 15, Campbell et al. as modified by Hayman et al.
teaches wherein said operation types comprise open, read, create, modify, and delete
(see col. 2, lines 42-43 of Hayman et al.).

Regarding claim 14, Campbell et al. as modified by Hayman et al. teaches further
comprising instructions causing the computer to:

• Define a table of types of at least two types of objects, the objects in the
computer being assigned one type (see col. 2, lines 39-41 of Hayman et al.); and

• Wherein said plurality of rules defines said actions further based on the type of
said object (see fig. 5b and 5c, see also col. 20, lines 1-26 of Campbell et al.).

Regarding claims 19 and 21, Campbell et al. as modified by Hayman et al.
teaches wherein the computer is operatively coupled to a network, the network including
a server, the table of trust groups/rules is stored in said server (see fig. 1, ref. num 100
and 106, and col. 12, lines 10-18 of Campbell et al.).



Regarding claim 23, Campbell et al. teaches a computer comprising:
• A random access memory (fig. 2, ref. num 206);

• A non-volatile memory (fig. 2, ref. num 208);

• A processor coupled to said RAM and said non-volatile memory (fig. 2, ref. num 
104); 

• Wherein said non-volatile memory comprises: 

o A list of rules, each rule defining an action based on an object type (fig. 
5b, see also col. 13, lines 12-24); 

o A list of object trust groups, each trust group defining an object trust value 
and coupled to at least one of said rules (fig. 5a, gauges are the trust 
group and thresholds are the trust group values, higher thresholds would 
mean a higher trust group, see also col. 11, lines 20-59, discussion on
gauges and how they are used in barriers and boundaries - boundaries 
relating to policies such as the use of FTP); 

o A plurality of objects, each of said objects having an object type and 
assigned to one of said trust groups (fig. 5a, the objects are the events 
and they are assigned to gauges) 

Campbell et al. does not teach a list of object types or assigning objects to an 
object type and wherein when a process is created in said RAM from an originating 
object of one of said objects, said processor assigns to said process a process trust 
value equal to the object trust value of said originating object.

Hayman et al. teaches a list of object types and assigning objects to an object
type (col. 2, lines 39-41) and wherein when a process is created in said RAM from an
originating object of one of said objects, said processor assigns to said process a
process trust value equal to the object trust value of said originating object (col. 3, lines
19-31).

It would have been obvious to one of ordinary skill in the art, at the time the
invention was made, to combine a list of object types and assigning objects to an object
type and assigning a trust value equal to the object trust value of the originating object,
as taught by Hayman et al., with the computer of Campbell et al. It would have been
obvious for such modifications because some objects are passive and others are
executable; passive objects should be treated differently than executable objects. The
teachings of Campbell et al. disclose combining objects and processes with object types
- it would be desirable to encompass objects that are both passive and executable.

Regarding claim 24, Campbell et al. as modified by Hayman et al. teaches further
comprising a controller receiving operation requests from said process to be performed
on a target object of one of said objects and, upon receiving said requests said
controller access said list of object trust groups, list of rules, and list of object type to
determine whether to allow the operation (see fig. 5b and 5c, see also col. 20, lines 1-26
of Campbell et al.).

Regarding claim 26, Campbell et al. as modified by Hayman et al. teaches
wherein the controller allows the operation request but the process trust value is lower
than the target object trust value, said processor resets the process trust value equal to
that of the target object trust value (see col. 3, lines 24-28 of Hayman et al.).

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brandon S. Hoffman whose telephone number is
571-272-3863. The examiner can normally be reached on M-F 8:30 - 5:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free).